I like the snide comment that implies the Australian government does not have a clue about the consequences of their policies, let alone any idea whatsoever how to verify age without government ID. The Australia politicians are the laughing stock of the world and that's a pretty competitive arena lately!
They know exactly what they're doing. If laws A and B cannot both be complied with then they have power of arbitrary enforcement over anything that would be subject to both.
Legislators are literally law professionals and most of them are old lawyers. They know EXACTLY what they're doing.
It could mean the British government too (the UK legal implementation is even worse. At least Australia commissioned a report on age verification. The British government just assumed it was fine because the trade body told them it was, and Ofcom have actively washed their hands of any responsibility for safe implementation at all).
i just dont understand why pollies continue to try implement age and verification policies, and always try to use the "think of the children" argument.
Nobody wants it. It's a form of control on the internet that i would not desire. I don't care about preventing any harm, because the said harm doesn't get prevented in the first place, and new harm is placed on me!
Therefore, anyone in their right mind ought to completely oppose any sort of verification scheme on the internet. If you want verification, get the customer to pay a nominal amount via credit card - that is as far as it ought to be allowed to go. Any further, which includes demanding by law for verification, should not be allowed.
“I don’t want it” and “nobody wants it” are vastly different things, and in this case the latter is definitely not true.
There probably are/will be ways to do age verification fairly accurately, but they will be scary in other ways, and will certainly violate your privacy, at least during that process.
I have a 14 year old daughter, it is was actually possible, I'd want it.
But, I know better than thousands of policy writers in the Australian government and know it's not actually possible without destroying the internet as we know it, so, I don't want it.
You can't use credit/debit cards, think of the children and the 0.001% of people in Australia without a card.
Not applicable today, but older games such as Leisure Suit Larry used to ask age verification questions, anonymous in a way that a government issued ID is not.
Websites could easily add X-Recommended-Age or X-Content-Rating headers where browsers could enforce a decent set of filters for adult-oriented content.
Popular platforms, I think, have age ratings on streams (twitch stream age tags), youtube, etc
The above would cover 90% of content-related concerns and combined with things like cloudflare dns filtering you'd have a relatively safe internet experience.
The interacting-whith-people (or oddball harms like character.ai) concerns can then be more easily policed by parents.
The industry has chosen not to implement basic controls and is asking for government controls.
This honestly. I honestly think this is so easily solved at the OS/browser level. Apple already does parental controls. Just pass 'Can view adult content' and 'can watch ads' from there to the browser. Don't even expose the actual age.
Like any other “voluntary” system, this is also doomed to fail. It’s not like the cigarette companies didn’t target children for a reason.
To put it bluntly, the companies that use the “voluntary” metric that by definition restrict their reach will have less monthly active users and therefore less revenue than those who do not, so therefore nobody will. Already happened in 1998, it will definitely happen again.
If google required the voluntary ratings headers to exist for search results, or even just hinted that they were an SEO-positive metric (like extending RICE to add D-emographic) or serving appropriate ad content this would be implemented word-wide by next week.
The main problem is that you may not want the state to know how many porn sites you're accessing.
That's where you'd want an intermediary: you log in on porn site A => redirects to some intermediary which only needs to check your age => login from the state, get age, send user with verified token to porn site.
Porn site only knows your login and the fact you are an adult.
Intermediary knows someone needed to validate their age.
State knows this random no porn site wanted to check some claims about you.
Wouldn’t this be a perfect place for something like Privacy Pass? Tokens which the government provides to users to auth them as adults but which are not trackable.
Because what is the problem to solve here? If you do not require services to confirm the age of the user, they will not have to confirm the age of the user. This is a problem created.
I don't know if the commenter refers to this one or not, it's probably too recent and far from "solved".
The EU portal itself has an identity verification functionality, I can use my national ID (national insurance number, specifically) in EU polls, petitions and other EU portal functions, but that's anything but anonymous by design.
I think this is one of those processes that the free market can’t solve unless you have extremely strict regulation.
As bad as it sounds, I also think a government funded partially public entity should provide this form of verification.
If you remove the need to profit to be sustainable for a company like this you remove the need for growth. And if you do that, you also remove the need to find sketchy ways to exploit the data.
The free market would likely go for a low friction solution. Require adult and all sites that allow anyone to upload content to add the RTA header. Make a law putting liability device/app makers to look for the RTA header and put the overall liability of enabling parental controls on the parents. App out of compliance could be pulled from the app store until compliant. Not perfect in any way but is trivial to implement. [1] Plenty of sites have already implemented it. [2] Privacy compliant, no data leakage, no sharing identities, no third parties.
Server operators just add one header, done. App and device developers would have to dig up some old code that can look for a header and check parental controls. Most kids are on phones and tablets. Complete mobile in two years as phase one. Desktops four years out as phase two. That may seem like a long time but this discussion has been ongoing since 2001 at least.
All the big tech companies have lobbyists. Have your lobbyists push for this and this could become a non issue in very little time.
In the TV space, there's been, for 30 years (and mandatory in all new TVs in the US for the past 25), the V-Chip [1], which was specifically designed to be able to let parents disable viewing of inappropriate content. So it's not like the government hasn't gone down this path before.
I suspect the issue is that the user-side voluntary disabling of access means that--like with the V-Chip--almost no one will go about doing it, and that for many of the people trying to push for porn site restrictions, the side effect of forcing porn sites to close down is actually a desirable effect.
Exactly, have sites merely disclose rough categorizations, move the decision-smarts to devices, and put control in the hands of the owners of those devices.
This places a majority of the cost of implementation on the people who actually want to use it, avoids a creepy Orwellian surveillance system, and enforcement is moved into a physical immediate reality that the average parents can see and monitor.
It also means you don't need to worry about visitors who are unmarried under the age of 16 years and three full moons who may not see unclad ankles in Elbonia.
This seems like an elegant approach. Why hasn’t it gained as much traction as these third-party-ID kinds of approaches?
Is it just the lack of an organized constituency? Resistance from device manufacturers/store operators? Too much control situated with individual families, so the absolutist political voices feel like it’s not pure enough? Or do they figure it’s too easy for a clever kid to bypass?
That works great, so long as you don't have any malicious actors interested in the treasure trove of data you've amassed.
It's kind of like how in physical systems, if you kill all the predators in a few square km it leaves a void where any predator capable of evading your traps is able to prosper far more than you could have imagined, requiring intense efforts to actually secure whatever it is you were protecting.
If you create an environment that's attractive to predators (giant pools of interconnected, personal data and a system designed around access to that data being equivalent to being the person in question), so long as there are predators you can expect them to infiltrate that system unless you apply extremely costly countermeasures.
Rather than in-housing the identity verification (and allowing DOGE et all to slurp that up), I'd rather ban that sort of thing altogether and take out the private sector alternatives at the same time.
If we really think that's not possible, a centralized implementation is usually preferable (e.g., why do I need to provide more information and photos to id.me than I ever did to the IRS when all I'm trying to do is access my tax data, and why do the new terms of service strongly suggest that my personal information is being used for reasons far beyond identity verification). I don't think that's required for most of the identity-related concerns I've seen the last few years though.
In Germany in fact we have Postident, which works fine, but is a bloated and unintuitive process and only makes sense for higher-margin and higher risk verification purposes, like opening a Bank Account.
100% agree. And I don't know why it is not a thing already. It's NOT a hard problem to solve. Submit the user given data to a government platform and this platform can then validate with NFC + government ID that it is indeed the correct person.
It'd be such a boon for any age verification legislature in the future.
The free market isn't going to solve it, because frankly it isn't a real problem and therefore cannot be solved. It is a neuroticism on a societal level to live in fear of minors accessing 'forbidden content' that we have experimentally proven isn't really all that bad for them anyway. But it is socially unacceptable to state that the emperor is buck naked.
No. Sites shouldn't have to ID everyone that uses them. The internet shouldn't be turned into a nursery for children just because parents don't want to do their job and supervise their children while they're on the internet. If you want a curated internet that is child-appropriate, then you create your own private internet. You don't force the rest of the world to censor itself.
Just like the free market figured out cybersecurity?
It ain't a magic wand that fixes all problems, buddy. Some problems just aren't possible to fix without making changes that sacrifice values core to the economy and of our culture.
Allow websites to Opt IN to claiming to be safe for an age / having a given content, and allow indexes to create an allow list of sites that have opted in.
Any site operating in bad faith should be subject to false advertising enforcement, or if clearly aimed at nefarious activities that sort of crime.
User generated content is "Unrated" until moderated.
Nobody wants kids on the internet (well, most people), but the devil is in the details. I hate the idea I’m expected to provide proof of id to these companies. If poorly implemented, which it will be, then they could use that to correlate advertising to me even when I use a whole suite of tools to prevent it.
What if Google, Apple, and Microsoft had "kid mode" versions of their OS which is what is enabled by default for any under 18 buying a device and normal mode had to be enabled at point of sale with ID verification?
In kid mode, it could only go to kid sites and run kid apps. If a parent ignores all proper advice and enables normal mode on their kids device, then that's on them (or lock them up, idk).
The main advantage is that the id check only has to happen once, in person, and it leaves most of the responsibilities on the parent who should have a vested interest in raising their kid rather than a corporation who wouldn't.
Readit News
Legislators are literally law professionals and most of them are old lawyers. They know EXACTLY what they're doing.
It could mean the British government too (the UK legal implementation is even worse. At least Australia commissioned a report on age verification. The British government just assumed it was fine because the trade body told them it was, and Ofcom have actively washed their hands of any responsibility for safe implementation at all).
Nobody wants it. It's a form of control on the internet that i would not desire. I don't care about preventing any harm, because the said harm doesn't get prevented in the first place, and new harm is placed on me!
Therefore, anyone in their right mind ought to completely oppose any sort of verification scheme on the internet. If you want verification, get the customer to pay a nominal amount via credit card - that is as far as it ought to be allowed to go. Any further, which includes demanding by law for verification, should not be allowed.
There probably are/will be ways to do age verification fairly accurately, but they will be scary in other ways, and will certainly violate your privacy, at least during that process.
But, I know better than thousands of policy writers in the Australian government and know it's not actually possible without destroying the internet as we know it, so, I don't want it.
You can't use credit/debit cards, think of the children and the 0.001% of people in Australia without a card.
https://allowe.com/games/larry/tips-manuals/lsl1-age-quiz.ht...
Websites could easily add X-Recommended-Age or X-Content-Rating headers where browsers could enforce a decent set of filters for adult-oriented content.
Popular platforms, I think, have age ratings on streams (twitch stream age tags), youtube, etc
The above would cover 90% of content-related concerns and combined with things like cloudflare dns filtering you'd have a relatively safe internet experience.
The interacting-whith-people (or oddball harms like character.ai) concerns can then be more easily policed by parents.
The industry has chosen not to implement basic controls and is asking for government controls.
Like any other “voluntary” system, this is also doomed to fail. It’s not like the cigarette companies didn’t target children for a reason.
To put it bluntly, the companies that use the “voluntary” metric that by definition restrict their reach will have less monthly active users and therefore less revenue than those who do not, so therefore nobody will. Already happened in 1998, it will definitely happen again.
A government API. It gives claims. Such as user x is an adult.
User logs in first, authorises an app to get a specific claim a specific period or amount of times, User logs in to the app, app calls the API.
There is no need for IDs or credit cards or any of the sort.
The EU has already solved this years ago?
That's where you'd want an intermediary: you log in on porn site A => redirects to some intermediary which only needs to check your age => login from the state, get age, send user with verified token to porn site.
Porn site only knows your login and the fact you are an adult.
Intermediary knows someone needed to validate their age.
State knows this random no porn site wanted to check some claims about you.
https://privacypass.github.io/
Because what is the problem to solve here? If you do not require services to confirm the age of the user, they will not have to confirm the age of the user. This is a problem created.
I don't know if the commenter refers to this one or not, it's probably too recent and far from "solved".
The EU portal itself has an identity verification functionality, I can use my national ID (national insurance number, specifically) in EU polls, petitions and other EU portal functions, but that's anything but anonymous by design.
Server operators just add one header, done. App and device developers would have to dig up some old code that can look for a header and check parental controls. Most kids are on phones and tablets. Complete mobile in two years as phase one. Desktops four years out as phase two. That may seem like a long time but this discussion has been ongoing since 2001 at least.
All the big tech companies have lobbyists. Have your lobbyists push for this and this could become a non issue in very little time.
[1] - https://www.rtalabel.org/index.php?content=howtofaq#response...
[2] - https://www.shodan.io/search?query=RTA-5042-1996-1400-1577-R...
I suspect the issue is that the user-side voluntary disabling of access means that--like with the V-Chip--almost no one will go about doing it, and that for many of the people trying to push for porn site restrictions, the side effect of forcing porn sites to close down is actually a desirable effect.
[1] https://en.wikipedia.org/wiki/V-chip
This places a majority of the cost of implementation on the people who actually want to use it, avoids a creepy Orwellian surveillance system, and enforcement is moved into a physical immediate reality that the average parents can see and monitor.
It also means you don't need to worry about visitors who are unmarried under the age of 16 years and three full moons who may not see unclad ankles in Elbonia.
Is it just the lack of an organized constituency? Resistance from device manufacturers/store operators? Too much control situated with individual families, so the absolutist political voices feel like it’s not pure enough? Or do they figure it’s too easy for a clever kid to bypass?
It's kind of like how in physical systems, if you kill all the predators in a few square km it leaves a void where any predator capable of evading your traps is able to prosper far more than you could have imagined, requiring intense efforts to actually secure whatever it is you were protecting.
If you create an environment that's attractive to predators (giant pools of interconnected, personal data and a system designed around access to that data being equivalent to being the person in question), so long as there are predators you can expect them to infiltrate that system unless you apply extremely costly countermeasures.
Rather than in-housing the identity verification (and allowing DOGE et all to slurp that up), I'd rather ban that sort of thing altogether and take out the private sector alternatives at the same time.
If we really think that's not possible, a centralized implementation is usually preferable (e.g., why do I need to provide more information and photos to id.me than I ever did to the IRS when all I'm trying to do is access my tax data, and why do the new terms of service strongly suggest that my personal information is being used for reasons far beyond identity verification). I don't think that's required for most of the identity-related concerns I've seen the last few years though.
The free market solves it by not doing it.
It'd be such a boon for any age verification legislature in the future.
And in countries where you need to be 17 to get a driving licence and where adulthood for many things is 16
Fine sites that allow minors to view porn and the free market will figure out age verification real quick.
Also, what is porn and who gets to define what porn is?
It ain't a magic wand that fixes all problems, buddy. Some problems just aren't possible to fix without making changes that sacrifice values core to the economy and of our culture.
Do NOT allow children onto the full Internet.
Allow websites to Opt IN to claiming to be safe for an age / having a given content, and allow indexes to create an allow list of sites that have opted in.
Any site operating in bad faith should be subject to false advertising enforcement, or if clearly aimed at nefarious activities that sort of crime.
User generated content is "Unrated" until moderated.
In kid mode, it could only go to kid sites and run kid apps. If a parent ignores all proper advice and enables normal mode on their kids device, then that's on them (or lock them up, idk).
The main advantage is that the id check only has to happen once, in person, and it leaves most of the responsibilities on the parent who should have a vested interest in raising their kid rather than a corporation who wouldn't.
Dead Comment
Dead Comment